Troubleshooting an existing Talend Job in OpenStudio which has some nested calculations in the Expression. One of the columns has this in the expression field.
retrw.AVG_COST.subtract(retrw.AVG_PRICE!=null?retrw.AVG_PRICE:retrw.IPO_PRICE).add(retrw.IPO_CPRICE).subtract(retrw.IPO_DVB!=null?retrw.IPO_DVB:(new BigDecimal(0.0)))
I am having trouble translating this to a regular SQL Request/formula. Dont have an error per se but want to know if my translation is correct.
Hoping someone here can validate?
What I think this expression is translated to in SQL is:
AVG_COST - (DECODE(AVG_PRICE,NULL,IPO_PRICE,AVG_PRICE))+ IPO_CPRICE - (DECODE(IPO_DVB,NULL,0.0,IPO_DVB))
The lack of parenthesis is throwing me off. Hence the confusion.
Appreciate any help in this regard.
Thanks,
Bee
Related
How can we implement pattern matching in Spring Batch, I am using org.springframework.batch.item.file.mapping.PatternMatchingCompositeLineMapper
I got to know that I can only use ? or * here to create my pattern.
My requirement is like below:
I have a fixed length record file and in each record I have two fields at 35th and 36th position which gives record type
for example below "05" is record type which is at 35th and 36th position and total length of record is 400.
0000001131444444444444445589868444050MarketsABNAKKAAAAKKKA05568551456...........
I tried to write regular expression but it does not work, i got to know only two special character can be used which are * and ? .
In that case I can only write like this
??????????????????????????????????05?????????????..................
but it does not seem to be good solution.
Please suggest how can I write this solution, Thanks a lot for help in advance
The PatternMatchingCompositeLineMapper uses an instance of org.springframework.batch.support.PatternMatcher to do the matching. It's important to note that PatternMatcher does not use true regular expressions. It uses something closer to ant patterns (the code is actually lifted from AntPathMatcher in Spring Core).
That being said, you have three options:
Use a pattern like you are referring to (since there is no short hand way to specify the number of ? that should be checked like there is in regular expressions).
Create your own composite LineMapper implementation that uses regular expressions to do the mapping.
For the record, if you choose option 2, contributing it back would be appreciated!
When setting up parameters in Jasper Studio I cannot find a way to validate them. For example I have a string parameter but I want to ensure it is only numeric, or max length of 10, or not empty, etc. so when I try to run the report it stops me before it tries to call the SQL and shows an error instead?
I tried to use expressions and variables, and looked at scriptlets but they didn't seem to help and unless I'm searching wrong I can find nothing in the documentation or online. Surely parameter validation, even basic stuff, in a report or on the Server is a common action?
I appreciate when doing it via the API you provide your own, but when using Studio to design for the Jasper Server there must be a way to include validation simply?
thanks for any help.
I am trying to implement a functionality that lets users try out configurations in run rime.
Basically, there are some preexisting configurations in DB, but users can make some tweaks on top of those and see results.
This component is written in Golang. One approach i am thinking is about using expression language support. I found some open source packages like https://github.com/araddon/qlbridge
But there are almost negligible number of sample programs / tutorials that demo how to use expression language along with PostgresQL.
Has any one used and attempted such thing? Any suggestions are welcome. Thank you for your time!
Try https://github.com/antonmedv/expr – is an engine that can evaluate expressions.
It can handle expressions like this:
user.Group in ["good_customers", "collaborator"]
len(article.Comments) > 100 and article.Category not in ["misc"]
product.Stock < 15
all(Tickets, {.Price >0})
And also has static type checker and user-friendly error messages
error: unclosed "("
| (boo + bar]
| ----------^
I have one application In which I can’t user “PreparedStatement” on some of places.
Most of SQL queries are like….
String sql = "delete from " + tableName;
So I like to know how to fix “SQL Injection” problem in my code.
Regards,
Sanjay Singh
=======================Edited After getting answer and like to verify solution==========
According to provided suggestion I have identified one strategy to prevent SQL injection in my case ….
Like to know views, I am working on the VeraCode Certificate for our application…
Filter Data so it does not content any space and escape SQL character (so if there is any injected code,
it’ll not going to part of my dynamic SQL, so my column name and table name can’t use to inject SQL query).
public static String getTabColName(String tabColName)
{
if(tabColName == null || "".equals(tabColName.trim()))
return "";
String tempStr = StringEscapeUtils.escapeSql(tabColName.trim());
//If this value content space that means it is not a valid table
// or column name, so don’t use it in dynamic generated SQL
//use space so it create an invalid SQL query
return tempStr.indexOf(' ') == -1 ? tempStr : "";
}
Parameterised queries are a major step towards preventing SQL injection attacks. If you cannot use them, you have an equally major setback in your hands. You can somewhat mitigate the danger by:
input string validation. And I mean validation with all the bells and whistles, which can sometimes reach the level of a full-blown parser, not just a few checks.
input manipulation (e.g. quoting and string escaping). Again, you have to do this right, which can be harder than it seems.
Both techniques are problematic - you have to let valid input through unchanged, in order to maintain compatibility with your current codebase, while still effectively protecting your system. Good luck with that...
From my experience, refactoring - or even rewriting - your code to use prepared statements will save you a lot of time and tears in the long run.
If you don't have a peer-reviewed library of string-escaping functions, at the very least you should white-list characters that you know are safe to embed in strings. For instance, ensure your strings are composed only of letters, digits and underscores, and nothing else. Black-listing known "bad characters" is poised to get you in trouble.
Making sure that the input contains only allowed characters is just an important first step. Your sample statement is a good example for the value of the strategy "find input in a list of all good values" (you surely know the set of tables in your database and the subset of tables users are allowed to zap). "compare input against plausible range" (salary shouldn't be increased by millions or half cents), or "match input against a regex to reveal structural violations" are further examples.
To get confidence in your defenses, you may consider using a QuickCheck-like testing library to attack your validation functions by (suitably biased) random strings. This article lists implementations for languages other than Haskell.
i am creating a Lucene 3.0.3 index using StandardAnalyzer.
when searching is made on index using query like C, C# or C++ it gives same result for all these three term. As, i know while creating index analyzer ignore special character and do not create index for same.
Need to be able to differentiate between "C", "C#" and "C++"
please suggest me that, Is any existing analyzer will resolve this issue?
Any suggestion will be appreciated!!!
I guess that happens because of the fact that StandardAnalyzer uses StandardFilter, which uses StandardTokenizer, which removes special characters.
You could create your own Analyzer implementation.
See http://www.gossamer-threads.com/lists/lucene/java-user/91747?do=post_view_threaded#91747